Tuesday, October 31, 2017

We welcome the introduction of the newest rule release from Talos. In this release we introduced 36 new rules of which 0 are Shared Object rules and made modifications to 54 additional rules of which 0 are Shared Object rules.

Thursday, October 26, 2017

We welcome the introduction of the newest rule release from Talos. In this release we introduced 2 new rules of which 0 are Shared Object rules and made modifications to 13 additional rules of which 2 are Shared Object rules.

There were no changes made to the snort.conf in this release.

Talos's rule release:

Talos has added and modified multiple rules in the exploit-kit,
malware-other, netbios, os-windows and server-webapp rule sets to
provide coverage for emerging threats from these technologies.

Wednesday, October 25, 2017

We welcome the introduction of the newest rule release from Talos. In this release we introduced 21 new rules of which 0 are Shared Object rules and made modifications to 5 additional rules of which 2 are Shared Object rules. Included in this release are Snort rules which can contain the lateral movement of the BadRabbit (and other worms that function the same way).

There were no changes made to the snort.conf in this release.

Talos's rule release:

Talos has added and modified multiple rules in the browser-plugins,
malware-cnc, malware-other, netbios, os-windows, protocol-dns,
protocol-ftp and server-webapp rule sets to provide coverage for
emerging threats from these technologies.

Tuesday, October 24, 2017

We welcome the introduction of the newest rule release from Talos. In this release we introduced 11 new rules of which 0 are Shared Object rules and made modifications to 810 additional rules of which 0 are Shared Object rules.

Thursday, October 19, 2017

We welcome the introduction of the newest rule release from Talos. In this release we introduced 26 new rules of which 5 are Shared Object rules and made modifications to 6 additional rules of which 1 are Shared Object rules.

There were no changes made to the snort.conf in this release.

Talos's rule release:

Talos has added and modified multiple rules in the browser-ie,
indicator-compromise, indicator-obfuscation, malware-cnc, os-windows,
policy-other and server-webapp rule sets to provide coverage for
emerging threats from these technologies.

Thursday, October 12, 2017

We welcome the introduction of the newest rule release from Talos. In this release we introduced 34 new rules of which 17 are Shared Object rules and made modifications to 11 additional rules of which 0 are Shared Object rules.

There were no changes made to the snort.conf in this release.

Talos's rule release:

Talos has added and modified multiple rules in the browser-ie,
file-flash, file-image, file-office, file-pdf, malware-cnc and
server-webapp rule sets to provide coverage for emerging threats from
these technologies.

Tuesday, October 10, 2017

Just released:
Snort Subscriber Rule Set Update for 10/10/2017, MSTuesday

We welcome the introduction of the newest rule release from Talos. In this release we introduced 33 new rules of which 6 are Shared Object rules and made modifications to 28 additional rules of which 2 are Shared Object rules.

Details:
Microsoft Vulnerability CVE-2017-11762:
A coding deficiency exists in Microsoft Graphics that may lead to
remote code execution.

Rules to detect attacks targeting these vulnerabilities are included in
this release and are identified with GID 1, SIDs 44518 through 44519.

Microsoft Vulnerability CVE-2017-11763:
A coding deficiency exists in Microsoft Graphics that may lead to
remote code execution.

Rules to detect attacks targeting these vulnerabilities are included in
this release and are identified with GID 1, SIDs 44528 through 44529.

Microsoft Vulnerability CVE-2017-11793:
A coding deficiency exists in Microsoft Scripting Engine that may lead
to remote code execution.

Rules to detect attacks targeting these vulnerabilities are included in
this release and are identified with GID 1, SIDs 44508 through 44509.

Microsoft Vulnerability CVE-2017-11798:
A coding deficiency exists in Microsoft Scripting Engine that may lead
to remote code execution.

Rules to detect attacks targeting these vulnerabilities are included in
this release and are identified with GID 1, SIDs 44532 through 44533.

Microsoft Vulnerability CVE-2017-11800:
A coding deficiency exists in Microsoft Scripting Engine that may lead
to remote code execution.

Previously released rules will detect attacks targeting these
vulnerabilities and have been updated with the appropriate reference
information. They are also
included in this release and are identified with GID 1, SIDs 44333
through 44334.

Microsoft Vulnerability CVE-2017-11810:
A coding deficiency exists in Microsoft Scripting Engine that may lead
to remote code execution.

Rules to detect attacks targeting these vulnerabilities are included in
this release and are identified with GID 1, SIDs 44510 through 44511.

Rules to detect attacks targeting these vulnerabilities are included in
this release and are identified with GID 1, SIDs 44512 through 44513.

Microsoft Vulnerability CVE-2017-8689:
A coding deficiency exists in Microsoft Win32k that may lead to an
escalation of privilege.

Rules to detect attacks targeting these vulnerabilities are included in
this release and are identified with GID 1, SIDs 44516 through 44517.

Microsoft Vulnerability CVE-2017-8694:
A coding deficiency exists in Microsoft Win32k that may lead to an
escalation of privilege.

Rules to detect attacks targeting these vulnerabilities are included in
this release and are identified with GID 1, SIDs 44514 through 44515.

Microsoft Vulnerability CVE-2017-8727:
A coding deficiency exists in Microsoft Windows Shell that may lead to
remote code execution.

Rules to detect attacks targeting these vulnerabilities are included in
this release and are identified with GID 1, SIDs 44526 through 44527.

Talos also has added and modified multiple rules in the browser-ie,
file-image, file-office, file-other, os-windows and server-webapp rule
sets to provide coverage for emerging threats from these technologies.

Thursday, October 5, 2017

We welcome the introduction of the newest rule release from Talos. In this release we introduced 21 new rules of which 4 are Shared Object rules and made modifications to 12 additional rules of which 1 are Shared Object rules.

There were no changes made to the snort.conf in this release.

Talos's rule release:

Talos has added and modified multiple rules in the blacklist,
file-multimedia, file-other, malware-cnc, policy-other and
server-webapp rule sets to provide coverage for emerging threats from
these technologies.

We welcome the introduction of the newest rule release from Talos. In this release we introduced 18 new rules of which 0 are Shared Object rules and made modifications to 6 additional rules of which 1 are Shared Object rules.

There were no changes made to the snort.conf in this release.

Talos's rule release:

Talos has added and modified multiple rules in the file-other,
malware-cnc, malware-other, protocol-dns, pua-adware and server-webapp
rule sets to provide coverage for emerging threats from these
technologies.